Skip to main content
SpringerLink
Log in

Growing Hierarchical Self-organizing Maps and Statistical Distribution Models for Online Detection of Web Attacks

  • Conference paper
Web Information Systems and Technologies (WEBIST 2012)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 140))

Included in the following conference series:

Abstract

In modern networks, HTTP clients communicate with web servers using request messages. By manipulating these messages attackers can collect confidential information from servers or even corrupt them. In this study, the approach based on anomaly detection is considered to find such attacks. For HTTP queries, feature matrices are obtained by applying an n-gram model, and, by learning on the basis of these matrices, growing hierarchical self-organizing maps are constructed. For HTTP headers, we employ statistical distribution models based on the lengths of header values and relative frequency of symbols. New requests received by the web-server are classified by using the maps and models obtained in the training stage. The technique proposed allows detecting online HTTP attacks in the case of continuous updated web-applications. The algorithm proposed is tested using logs, which were acquired from a large real-life web service and included normal and intrusive requests. As a result, almost all attacks from these logs are detected, and the number of false alarms remains very low.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Mukkamala, S., Sung, A.: A comparative study of techniques for intrusion detection. In: Proc. 15th IEEE International Conference on Tools with Artificial Intelligence, pp. 570–577 (November 2003)

    Google Scholar 

  2. Nguyen-Tuong, A., Guarnieri, S., Greene, D., Shirley, J., Evans, D.: Automatically Hardening Web Applications Using Precise Tainting. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) Security and Privacy in the Age of Ubiquitous Computing. IFIP AICT, vol. 181, pp. 295–307. Springer, Boston (2005)

    Chapter  Google Scholar 

  3. Axelsson, S.: Research in intrusion-detection systems: a survey. Department of Computer Engineering, Chalmers University of Technology, Goteborg, Sweden, Technical Report, pp. 98–117 (December 1998)

    Google Scholar 

  4. Patcha, A., Park, J.M.: An overview of anomaly detection techniques: Existing solutions and latest technological trends. Computer Networks: The International Journal of Computer and Telecommunications Networking 51(12) (August 2007)

    Google Scholar 

  5. Verwoerd, T., Hunt, R.: Intrusion detection techniques and approaches. Computer Communications - COMCOM 25(15), 1356–1365 (2002)

    Article  Google Scholar 

  6. Kemmerer, R.A., Vigna, G.: Intrusion Detection: A Brief History and Overview. Computer 35, 27–30 (2002)

    Article  Google Scholar 

  7. Gollmann, D.: Computer Security, 2nd edn. Wiley (2006)

    Google Scholar 

  8. Kohonen, T.: Self-organizing map, 3rd edn. Springer, Berlin (2001)

    Book  Google Scholar 

  9. Kohonen, T.: Self-organized formation of topologically correct feature maps. Biological Cybernetics 43(1), 59–69 (1982)

    Article  MathSciNet  MATH  Google Scholar 

  10. Kayacik, H.G., Nur, Z.-H., Heywood, M.I.: A hierarchical SOM-based intrusion detection system. Engineering Applications of Artificial Intelligence 20 (2007)

    Google Scholar 

  11. Jiang, D., Yang, Y., Xia, M.: Research on Intrusion Detection Based on an Improved SOM Neural Network. In: Proc. of the Fifth Intl Conference on Information Assurance and Security (2009)

    Google Scholar 

  12. Rauber, A., Merkl, D., Dittenbach, M.: The growing hierarchical self-organizing map: exploratory analysis of high-dimensional data. IEEE Transactions on Neural Networks 13(6), 1331–1341 (2002)

    Article  Google Scholar 

  13. Palomo, E.J., Domínguez, E., Luque, R.M., Muñoz, J.: A New GHSOM Model Applied to Network Security. In: Kůrková, V., Neruda, R., Koutník, J. (eds.) ICANN 2008, Part I. LNCS, vol. 5163, pp. 680–689. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  14. Ippoliti, D., Xiaobo, Z.: An Adaptive Growing Hierarchical Self Organizing Map for Network Intrusion Detection. In: Proc. 19th IEEE International Conference on Computer Communications and Networks (ICCCN), pp. 1–7 (August 2010)

    Google Scholar 

  15. Shehab, M., Mansour, N., Faour, A.: Growing Hierarchical Self-Organizing Map for Filtering Intrusion Detection Alarms. In: International Symposium on Parallel Architectures, Algorithms, and Networks, I-SPAN 2008, pp. 167–172 (May 2008)

    Google Scholar 

  16. Suen, C.Y.: n-Gram Statistics for Natural Language Understanding and Text Processing. IEEE Transactions on Pattern Analysis and Machine Intelligence PAMI-1(2), 164–172 (1979)

    Article  Google Scholar 

  17. Hirsimaki, T., Pylkkonen, J., Kurimo, M.: Importance of High-Order N-Gram Models in Morph-Based Speech Recognition. IEEE Transactions on Audio, Speech, and Language Processing 17(4), 724–732 (2009)

    Article  Google Scholar 

  18. Chan, A., Pampalk, E.: Growing hierarchical self organising map (ghsom) toolbox: visualisations and enhancements. In: 9th Int’l Conference Neural Information Processing, ICONIP 2002, vol. 5, pp. 2537–2541 (2002)

    Google Scholar 

  19. Johnson, R.W.: Estimating the Size of a Population. Teaching Statistics 16(2), 50–52 (1994)

    Article  Google Scholar 

  20. Ultsch, A.: Clustering with SOM: U*C. In: Proc. Workshop on Self-Organizing Maps (WSOM 2005), Paris, France, pp. 75–82 (2005)

    Google Scholar 

  21. Ultsch, A., Siemon, H.P.: Kohonen’s Self Organizing Feature Maps for Exploratory Data Analysis. In: Proc. Intern. Neural Networks, pp. 305–308. Kluwer Academic Press, Paris (1990)

    Google Scholar 

  22. Ultsch, A.: Maps for the Visualization of high-dimensional Data Spaces. In: Proc. WSOM, Kyushu, Japan, pp. 225–230 (2003)

    Google Scholar 

  23. Ultsch, A.: Pareto Density Estimation: A Density Estimation for Knowledge Discovery. In: Innovations in Classification, Data Science, and Information Systems - Proc. 27th Annual Conference of the German Classification Society (GfKL), pp. 91–100. Springer, Heidelberg (2003)

    Google Scholar 

  24. Apache 2.0 Documentation (2011), http://www.apache.org/

  25. Klein, A.: Detecting and Preventing HTTP Response Splitting and HTTP Request Smuggling Attacks at the TCP Level. Tech. Note (August 2005), http://www.securityfocus.com/archive/1/408135

  26. Corona, I., Giacinto, G.: Detection of Server-side Web Attacks. In: Proc of JMLR: Workshop on Applications of Pattern Analysis, pp. 160–166 (2010)

    Google Scholar 

  27. Jain, A., Murty, M., Flynn, P.: Data clustering: a review. ACM Computing Surveys 31(3), 264–323 (1999) ISSN 0360-0300

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Mathematical Information Technology, University of Jyväskylä, Jyväskylä, FI-40014, Finland

    Mikhail Zolotukhin, Timo Hämäläinen & Antti Juvonen

Authors
  1. Mikhail Zolotukhin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Timo Hämäläinen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Antti Juvonen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute for Systems and Technologies of Information, Control and Communication (INSTICC), and Instituto Politécnico de Setúbal (IPS), Setúbal, Portugal

    José Cordeiro

  2. RWTH Aachen University, Ahornstr. 55, 52074, Aachen, Germany

    Karl-Heinz Krempels

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zolotukhin, M., Hämäläinen, T., Juvonen, A. (2013). Growing Hierarchical Self-organizing Maps and Statistical Distribution Models for Online Detection of Web Attacks. In: Cordeiro, J., Krempels, KH. (eds) Web Information Systems and Technologies. WEBIST 2012. Lecture Notes in Business Information Processing, vol 140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36608-6_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-36608-6_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36607-9

  • Online ISBN: 978-3-642-36608-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation